Lenovo PCs open to attack through pre-installed bloatware

A piece of bloatware installed on a large number of Lenovo desktop and laptop PCs has once again left its customers vulnerable to attack. This time an app called Accelerator Application which was designed to “speed up the launch of Lenovo applications” is at fault.

A vulnerability was found in the app that possibly could be exploited by an attacker with man-in-the-middle capabilities. Lenovo has acknowledged the security threat that Accelerator Application poses and has since urged its users to uninstall the app.

A security advisory issued by the company detailed the vulnerability and highly encouraged users to remove it from their PCs.

“A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities. The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available. Lenovo recommends customers uninstall Lenovo Accelerator Application by going to the 'Apps and Features' application in Windows 10, selecting Lenovo Accelerator Application and clicking on 'Uninstall'.”

The vulnerability present in Lenovo's Accelerator Application was discovered last week when the security firm Duo Security identified 12 vulnerabilities from various laptop manufacturers including Dell, HP, Asus, Acer and Lenovo.

The latest incident regarding bloatware that leaves users vulnerable to attack is not surprising given Lenovo's track record. In February 2015, the company dealt with a similar issue with the Superfish software that was installed on many of its PCs. Lenovo paid the price with a great deal of bad publicity and it seemed at the time that the company would do everything it could to avoid such a scandal in the future. However, less than two years later the company is back in hot water over a piece of unsecure preinstalled software.

Lenovo users should remove its Accelerator Application as soon as possible to avoid being the victim of a cyberattack and should possibly reconsider a fresh install of Windows to avoid the possibility of another scandal involving the company's preinstalled apps and software.

Image Credit: Julia Kuznetsova / Shutterstock